<?php


  require 'session.php';
  

  if(!$_SESSION['logged']){
    

    if(isset($_POST['username']) && isset($_POST['password'])){
   
      $login = $_POST['username'];
      $password = $_POST['password'];
      $password = md5($password);
      require "connection.php";
      $user = @mysql_query("SELECT * FROM `users` WHERE `login`=\"".$login."\" && `password`=\"".$password."\"");
      $user = mysql_fetch_assoc($user);
      mysql_close();

      if(!empty($user)){
        $_SESSION['logged'] = true;
        $_SESSION['logged_id'] = $user['id'];
        $_SESSION['logged_name'] = $user['name'];
        if($user['admin'] == 1){
          $_SESSION['admin'] = true;
        } else {
          $_SESSION['admin'] = false;
        }
        header('Location: ../index.php');
      } else {

      	$_SESSION['loginError']='<h4>Es gibt keine solche Benutzer</h4>';
     
        header('Location: ../index.php');
      }
    } else {
    	$_SESSION['loginError']='<h4>Falsche Login-Daten</h4>';
    	header('Location: ../index.php');
    }
  } else {
  	$_SESSION['loginError']='<h4>Sie sind bereits angemeldet!</h4>';
  	header('Location: ../index.php');
  }
